Hi Guys,
I have stumbled upon another headache from the Let's Encrypt stable of problems.
I have built a new server and have been progressively migrating virtual hosts over to it from an older Debian 8 server.
If I create a new virtual host on the new Debian 9 server, it requests and adds SSL certificates virtually instantly, and that is fantastic (no problem there).
The problem I have is that when I request a new SSL certificate on one of the newly migrated virtual hosts I receive the following error:-
Validating configuration for domain.com ..
.. no problems found
Requesting a certificate for domain.com, www.domain.com, mail.domain.com, autoconfig.domain.com, autodiscover.domain.com from Let's Encrypt ..
.. request failed : Web-based validation failed : Failed to request certificate :
domain.com.au challenge did not pass: unknownHost :: No valid IP addresses found for domain.com.au
DNS-based validation failed : Failed to request certificate :
Gave up waiting for validation
This is however after I have modified the DNS records to contain the
autoconfig.domain.com
autodiscover.domain.com
mail.domain.com
records, as well as modifying the /etc/apache2/sites-available/domain.com.conf
to reflect these changes
then restarting both the Bind and Apache services.
I also checked to make sure that there was no web redirection set to redirect from http to https
and noticed that the _acme-challenge.autodiscover.domain.com.au. 5 IN TXT Rd3_5WWQnnmgzEZNwxMFtnemV7rwSinJUCipJdrJQbU
appears in the DNS zone, which to me would indicate that a successful DNS-based validation should occur.
I have tried to look through the log files but have come up empty as I'm not sure what to look for to find the error.
Comments
Submitted by andreychek on Fri, 07/05/2019 - 10:47 Comment #1
Howdy -- thanks for contacting us!
Could you share the full domain name for that domain where you're seeing these issues?
Also, what should the IP address be?
And just to compare, can you share an example domain that is working properly on this new server?
Thanks!
Submitted by ghost23 on Fri, 07/05/2019 - 10:48 Pro Licensee Comment #2
The same here on a Debian 8 (https://www.virtualmin.com/node/66165)
Submitted by Rory Bremner on Sat, 07/06/2019 - 16:39 Comment #3
I am just an end user like you... I would first check DNS propagation, here: http://leafdns.com/ Try to fix any errors with DNS and when there are zero errors try requesting the certificate again.
Submitted by Shirehosting on Fri, 07/05/2019 - 20:19 Pro Licensee Comment #4
Hi Guys,
I have worked out what the problem is and a solution for anyone else with the same issue.
It all has to do with DNS.
When Let's Encrypt goes to validate the domain names that you are presenting to it for a certificate, it actually does a DNS lookup for each and every one.
Not that it tells you, but that is where it's failing.
It would be way too easy for you to fix with that information.
Instead it gives you the error that makes you look in the wrong place.
So my error was actually to do with
domain.com
not actually being in the DNS zone. Once I put it in and ran the certificate request again, it was like a miracle had occurred....
Validating configuration for domain.com ..
.. no problems found
Requesting a certificate for domain.com, www.domain.com, mail.domain.com, autoconfig.domain.com, autodiscover.domain.com from Let's Encrypt ..
.. request was successful!
Configuring webserver to use new certificate and key ..
.. done
Applying web server configuration ..
.. done
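Added example, not part of the original thread and not Virtualmin's own code: a pre-flight check for the cause found in comment #4, which scans a BIND zone file and lists the requested certificate names that have no A, AAAA or CNAME record. The zone contents, `example.com`, the 192.0.2.10 address and all function names are constructed for illustration, and the parser is simplified (no $INCLUDE, wildcards or delegated subzones).

```python
import re
ADDRESS_TYPES = {"A", "AAAA", "CNAME"}  # types that give a name something to resolve to

def qualify(name, origin):
    if name == "@":                      # "@" stands for the zone apex
        return origin
    return name[:-1] if name.endswith(".") else f"{name}.{origin}"

def names_with_address(zone_text, origin):
    """Owner names in a BIND zone file that carry an A, AAAA or CNAME record."""
    origin = origin.rstrip(".").lower()
    found, owner, depth = set(), origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        continuation = depth > 0                   # inside a "( ... )" block such as SOA
        depth += line.count("(") - line.count(")")
        fields = line.split()
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].rstrip(".").lower()
        if continuation or line.startswith("$"):
            continue
        if not line[0].isspace():                  # a blank owner inherits the previous one
            owner = qualify(fields.pop(0).lower(), origin)
        while fields and re.fullmatch(r"in|\d+[smhdw]?", fields[0], re.I):
            fields.pop(0)                          # skip optional TTL and class
        if fields and fields[0].upper() in ADDRESS_TYPES:
            found.add(owner)
    return found

def missing_from_zone(cert_names, zone_text, origin):
    """Certificate names with no address record, in request order."""
    present = names_with_address(zone_text, origin)
    return [n for n in cert_names if n.lower().rstrip(".") not in present]

# Constructed sample: the apex has SOA and NS records but no A record.
SAMPLE_ZONE = """\
$ttl 38400
@ IN SOA ns1.example.com. root.example.com. (
        2019070501 10800 3600 604800 38400 )
@ IN NS ns1.example.com.
www.example.com. IN A 192.0.2.10
mail.example.com. IN A 192.0.2.10
autoconfig IN A 192.0.2.10
autodiscover.example.com. IN CNAME www.example.com.
_acme-challenge.autodiscover.example.com. 5 IN TXT "constructed-token"
"""
CERT_NAMES = [h + "example.com" for h in ("", "www.", "mail.", "autoconfig.", "autodiscover.")]
```

Calling `missing_from_zone(CERT_NAMES, SAMPLE_ZONE, "example.com")` reports only the apex name, even though an `_acme-challenge` TXT record is present in the zone.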
Submitted by Shirehosting on Sat, 07/06/2019 - 01:23 Pro Licensee Comment #5
This Problem is solved
Submitted by IssueBot on Sat, 07/20/2019 - 01:30 Comment #6
Automatically closed - issue fixed for 2 weeks with no activity.